testing radius

  • 1
  • Question
  • Updated 3 years ago
We're using RADIUS for WPA2-Enterprise authentication. APs work fine. RADIUS is defined properly. Servers show up under "However, testing doesn't work through either Hive Manager or the CLI.

exec aaa radius-test radius.example.com username "my username" password **********

Either way I get "The connection attempt to the server timed out."

Why don't these tests work?
Photo of Dan Mellem

Dan Mellem

  • 52 Posts
  • 1 Reply Like
  • frustrated

Posted 3 years ago

  • 1
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi Dan,

This is because it's not acting as a supplicant would. A supplicant performing username and password based authentication will typically use a TLS-based EAP type such as EAP-PEAP or EAP-TTLS with an appropriate inner-EAP.

The Service-Type will also not be Framed.

The full CLI command is:

exec aaa radius-test <string> username <string> password <string> [ {pap|chap|ms-chap-v2} ]

This tests using PAP, CHAP or CHAPv2.

To get this to work, you will need to make configuration changes at your RADIUS server to accommodate this.

Regards,

Nick
(Edited)
Photo of Dan Mellem

Dan Mellem

  • 52 Posts
  • 1 Reply Like
We use PEAP + MSCHAP, but the test doesn't work with any of the options. Is there a way to have the AP simulate a supplicant to test RADIUS? It doesn't seem like much of a valid test if we need to reconfigure the RADIUS server for the test.

Thank you,
-Dan
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
No, there's not. FWIW, I did raise this as an issue/feature request a while back and again more recently. This could be achieved by wrapping eapol_test appropriately. As always, there's many competing things for what gets engineering time and this hasn't made the cut yet.
(Edited)
Photo of Dan Mellem

Dan Mellem

  • 52 Posts
  • 1 Reply Like
OK, thanks. That would be helpful.